PDA

View Full Version : LTS question



stuart.reinke
October 17th, 2009, 02:40 PM
Does the long term support only apply to Ubuntu? I was on the Kubuntu website and they show support for Kubuntu Hardy to end this month.

Just curious.

Screwdriver0815
October 17th, 2009, 02:45 PM
Does the long term support only apply to Ubuntu? I was on the Kubuntu website and they show support for Kubuntu Hardy to end this month.

Just curious.
Kubuntu Hardy was no LTS because KDE 3.5 was at the end of its life. So it was not intended to support KDE 3.5 until 2011.

Normally, thats my understanding, LTS are for all flavours of Ubuntu, but Hardy was an exception because of the mentioned reasons

Sand & Mercury
October 17th, 2009, 02:52 PM
Huh... that is strange. Maybe it's because the KDE 3.x series is reaching the end of its life cycle. Or maybe it's just a typo...

EDIT: Screwdriver beat me to it.

Screwdriver0815
October 17th, 2009, 02:54 PM
Huh... that is strange. Maybe it's because the KDE 3.x series is reaching the end of its life cycle.
maybe... maybe because KDE 3.5 is replaced by KDE 4.3

NoaHall
October 17th, 2009, 02:54 PM
It's probably best to get Ubuntu LTS version, then install KDE interface.

Sand & Mercury
October 17th, 2009, 03:05 PM
https://wiki.kubuntu.org/HardyHeron/RC/Kubuntu

Says that Kubuntu Hardy is indeed an exception on the LTS thing because of the KDE switch.

Screwdriver0815
October 17th, 2009, 03:05 PM
It's probably best to get Ubuntu LTS version, then install KDE interface.
No, then you lose the LTS-factor. LTS means all, including apps, GUI... everything, not just the underlying system.
Otherwise the guys at Kubuntu could have done the same and then Kubuntu Hardy would be a LTS. But its not, because KDE 3.5 has reached EOL.

Bachstelze
October 17th, 2009, 03:22 PM
No, then you lose the LTS-factor. LTS means all, including apps, GUI... everything, not just the underlying system.

So what? Obviously, KDE itself won't get updates after it reaches EOL, but that changes nothing to other packages. When KDE reaches EOL, it probably won't need much updates anymore anyway.

Sand & Mercury
October 17th, 2009, 03:27 PM
So what? Obviously, KDE itself won't get updates after it reaches EOL, but that changes nothing to other packages. When KDE reaches EOL, it probably won't need much updates anymore anyway.
With that in mind, why neglect to make 8.04 an LTS release in the first place?

Bachstelze
October 17th, 2009, 03:29 PM
With that in mind, why neglect to make 8.04 an LTS release in the first place?

8.04 is LTS. Just the Kubuntu (i.e. KDE) part of it isn't. Kubuntu and Ubuntu are not distinct OSes. They use the same packages, so if a package is updated in Ubuntu, you will get the update regardless of whether you use Kubuntu, Xubuntu, Edubuntu or Milkshakebuntu.

Sand & Mercury
October 17th, 2009, 03:32 PM
8.04 is LTS. Just the Kubuntu (i.e. KDE) part of it isn't. Kubuntu and Ubuntu are not distinct OSes. They use the same packages, so if a package is updated in Ubuntu, you will get the update regardless of whether you use Kubuntu, Xubuntu, Edubuntu or Milkshakebuntu.
Oh yeah, you're completely right. I had a bit of a brain fart then -- for a second I thought they use different repositories.

NoaHall
October 17th, 2009, 03:36 PM
No, then you lose the LTS-factor. LTS means all, including apps, GUI... everything, not just the underlying system.

No you don't.

You only lose the GUI side of it, but the rest is fine. So it's better to do it like that.

stuart.reinke
October 17th, 2009, 04:19 PM
I'm instaling for a friend that is barley computer literate. I think LTS is probably the way to go to be as stable as possible. KDE 3.5 on Hardy should be my best bet. Yes?

Screwdriver0815
October 17th, 2009, 09:58 PM
@Bachstelze and NoahHall:

and what happens when there are security holes found in KDE 3.5 and 4.3 (which the OP wants to install)? As the GUI related things are not maintained as long as an average user wants to use a LTS this may lead into a security risk which you never can fully estimate and therefore you can not negate this.

I think that your advice is really irresponsible.


I'm instaling for a friend that is barley computer literate. I think LTS is probably the way to go to be as stable as possible. KDE 3.5 on Hardy should be my best bet. Yes?
no. Please do not do this. Do not use Kubuntu 8.04 longer than it is supported. Rather switch to a newer version. There you can be sure that you are safe, security-wise.

NoaHall
October 17th, 2009, 10:01 PM
You can still update KDE without jumping the gap between. I don't see what your point is?

Bachstelze
October 17th, 2009, 10:02 PM
and what happens when there are security holes found in KDE 3.5 and 4.3 (which the OP wants to install)? As the GUI related things are not maintained as long as an average user wants to use a LTS this may lead into a security risk which you never can fully estimate and therefore you can not negate this.

Get real. Even if a security vulnerability did appear in KDE 3.5, the chances of it being severe enough to be actually dangerous and exploited by evil hackers to break into the computer of Joe Average are what?

NoaHall
October 17th, 2009, 10:04 PM
Get real. Even if a security vulnerability did appear in KDE 3.5, the chances of it being severe enough to be actually dangerous and exploited by evil hackers to break into the computer of Joe Average are what?

Ah, but he does have a point there. A true secure system is a system that has covered all the possible bugs and holes.

Bachstelze
October 17th, 2009, 10:06 PM
Ah, but he does have a point there. A true secure system is a system that has covered all the possible bugs and holes.

http://xkcd.com/538/

Be sure to read the title text.

Screwdriver0815
October 17th, 2009, 10:07 PM
Get real. Even if a security vulnerability did appear in KDE 3.5, the chances of it being severe enough to be actually dangerous and exploited by evil hackers to break into the computer of Joe Average are what?
Not I have to get real. You are the one who has to get real! I can not believe that a moderator of this forum posts such advices!

A risk is a risk. If a risk rises which will NEVER be fixed as the support has ended, what is this? It is a severe risk as there will NEVER be a fix for that. Nobody knows about existing risks and even when they get public, no one cares about them. So is it a good idea then to install a system which is no more supported? No, it is NOT!

NoaHall
October 17th, 2009, 10:10 PM
http://xkcd.com/538/

Be sure to read the title text.


The point of LTS is to provide a secure desktop to be used. This could be used to hold bank data, company details, etc. So no, they are not only going to get $5 out of it, they are going to get a lot more.

Screwdriver0815
October 17th, 2009, 10:13 PM
The point of LTS is to provide a secure desktop to be used. This could be used to hold bank data, company details, etc. So no, they are not only going to get $5 out of it, they are going to get a lot more.
right. I agree.

Additionally the developers do not say "the support for version xy runs out, please switch to a newer version" without having a reason. They do this because of security.

Bachstelze
October 17th, 2009, 10:14 PM
The point of LTS is to provide a secure desktop to be used. This could be used to hold bank data, company details, etc. So no, they are not only going to get $5 out of it, they are going to get a lot more.

Because you think that just because you install LTS, you magically have a secure system? If that's the case, you are very mistaken.

NoaHall
October 17th, 2009, 10:16 PM
Because you think that just because you install LTS, you magically have a secure system? If that's the case, you are very mistaken.

No, that's not what I'm saying, I'm saying it's meant to be the most stable and secure possible setup it can be. The rest is up to the admins, but the admins can't do much if there's a huge flaw in the software.

Screwdriver0815
October 17th, 2009, 10:22 PM
Because you think that just because you install LTS, you magically have a secure system? If that's the case, you are very mistaken.
so why don't we use Debian from 1993? Its so secure isn't it?

The point of a LTS is to provide updates for a longer timeframe. I think, you as a member of the forums staff should know this. Also as you (estimated from your posting style) think that you are really really clever.

It does absolutly no matter if a system is a LTS or not. When the support runs out, it should not be used anymore. Because there can be security holes in there which were not detected during the support-time.
When this system is used beyond the support-time a security hole could be found and it never will get public (which makes it easy for potencial attackers), nor will it be fixed.

--> for the record: I can not believe that I as an average user have to explain this to a member of the forums staff!!

There is no reason to use a system which is not supported anymore. There are more reasons against doing so. So why the hell do you say that it is a good idea??

Bachstelze
October 17th, 2009, 10:27 PM
No, that's not what I'm saying, I'm saying it's meant to be the most stable and secure possible setup it can be.

You are wrong. As its name implies, the point of LTS is that it's supported longer. A LTS is not more secure or stable than any other Ubuntu release. It is aimed at people who are running servers (therefore, with no GUI) and don't want to upgrade them as often as they would need to with a normal Ubuntu releease.


The rest is up to the admins, but the admins can't do much if there's a huge flaw in the software.

However, it does not seem that this system will be used by a security expert.

Therefore, two things:

1) It's pointless to install LTS on a desktop in the first place, and
2) Chances are that even with entirely supported software, this system would have weak security. But guess what? IT DOESN'T MATTER. The level of security a system must have is directly proportional to the value of the data that is stored on it. I don't think the system in question will have top secret data on it.



When this system is used beyond the support-time a security hole could be found and it never will get public (which makes it easy for potencial attackers), nor will it be fixed.

A security hole in something as big as KDE that wouldn't get public? Once again, get real.


There is no reason to use a system which is not supported anymore. There are more reasons against doing so. So why the hell do you say that it is a good idea??

I don't say it's a good idea. KDE 3.5 is old, and I don't see the point in using it. I'm saying that if someone really wants to use it, it's no big deal.

koleoptero
October 17th, 2009, 10:30 PM
http://xkcd.com/538/

Be sure to read the title text.

Security issues tend to refer more to bugs that can crash your system or cause loss of data (i.e. filesystem bugs), and not your pc being hacked and your credit card data stolen.

Bachstelze
October 17th, 2009, 10:33 PM
Security issues tend to refer more to bugs that can crash your system or cause loss of data (i.e. filesystem bugs), and not your pc being hacked and your credit card data stolen.

We are not talking about a filesystem here, we are talking about KDE, for crying out loud! A bug in KDE won't make your computer explode or your files disappear!

NoaHall
October 17th, 2009, 10:34 PM
LTS is an abbreviation for “Long Term Support”.

We issue a new desktop and server release every six months. That means you'll always have the latest and greatest applications that the open source world has to offer. Ubuntu is designed with security in mind. You get free security updates for at least 18 months on the desktop and server.

A new LTS version is released every 2 years. With the Long Term Support (LTS) version you get 3 years support on the desktop, and 5 years on the server.


our goal of ensuring stability

We start stabilizing the release early by significantly limiting the number of new features. We will choose which features we package into the LTS release, versus which ones we leave out and allow for users to optionally download and use from a separate archive.
Avoid structural changes as far as possible, such as changing the default set of applications, lots of library transitions, or system layer changes (example: introducing KMS or hal → DeviceKit would not have been appropriate changes in an LTS).

It's not just for servers. It's much more suitable to use in work, and you would know so, if you ever managed a network as a system admin. It's a nightmare to try and maintain a stable and secure system by updating it completely every 6 months.

Bachstelze
October 17th, 2009, 10:38 PM
It's not just for servers. It's much more suitable to use in work


I'm instaling for a friend that is barley computer literate.

I think we can assume it won't be used at work.

Screwdriver0815
October 17th, 2009, 10:40 PM
A security hole in something as big as KDE that wouldn't get public? Once again, get real.

in KDE 3.5 which is not supported anymore? Where the number of users decreases? Where the number of developers and supporters runs ---> 0??

Please, do me a favour: do not give any irresponsible advices.
If I get a similar answer as this "get real" ******** from you in this issue I will complain about you at the forums admins.



I don't say it's a good idea. KDE 3.5 is old, and I don't see the point in using it. I'm saying that if someone really wants to use it, it's no big deal.

it IS a big deal. Are you aware about, what is listed in the Kubuntu Hardy sources.list? Repositories which will be no longer maintained and which will switched off in the next time. Changing this to "Ubuntu" instead of "Kubuntu" in the links and so on is much more a big deal than just installing a newer version. And when you consider that you still have security risks, no matter if you say "there is no"--> doing as if you are the one who is in the position to judge this... you will come to the result that it in fact is a huge deal.

NoaHall
October 17th, 2009, 10:41 PM
I had no idea we were addressing a question, I thought we were generalizing.

To the question asked - I'd say just go for a normal version, but not Karmic. It's not that hard to keep it up to date, just make sure it installs all the updates for him.

Bachstelze
October 17th, 2009, 10:46 PM
If I get a similar answer as this "get real" ******** from you in this issue I will complain about you at the forums admins.

If you think you're scaring me with this, you're wrong. You're the one who's getting vulgar here, not I.

koleoptero
October 17th, 2009, 10:47 PM
We are not talking about a filesystem here, we are talking about KDE, for crying out loud! A bug in KDE won't make your computer explode or your files disappear!

A bug in kubuntu not fixed though...

Screwdriver0815
October 17th, 2009, 10:52 PM
If you think you're scaring me with this, you're wrong. You're the one who's getting vulgar here, not I.
scaring?? WTF???

It simply has something to do with the fact that you as a member of the forums staff have a certain responsibility. This responsibility includes NOT to give advice to users which could compromite their security! If you can not fullfill this responsibility, you are wrong in this position. Fact. And as far as I can see, you can not fullfill this responsibility.

This is the simple and only reason for that.

An operating system is not a toy. There can be done damages to users which you can not estimate. Especially when you give such advices!

Bachstelze
October 17th, 2009, 10:56 PM
*sigh*

@OP: you know what? Just install LTS and Gnome, problem solved.

NCLI
October 17th, 2009, 11:12 PM
You know, you could just add a PPA and install KDE 4.3 from there...

Bachstelze
October 17th, 2009, 11:14 PM
You know, you could just add a PPA and install KDE 4.3 from there...

PPAs are not supported! :o You are giving irresponsibe advice, I will complain to the admins!

Screwdriver0815
October 17th, 2009, 11:19 PM
PPAs are not supported! :o You are giving irresponsibe advice, I will complain to the admins!
you don't need to mock around. The complaint is already sent.

Bachstelze
October 17th, 2009, 11:21 PM
you don't need to mock around. The complaint is already sent.

FYI, it is totally true that PPAs are unsupported. But it's all right to use them?

NoaHall
October 17th, 2009, 11:33 PM
It was a fair point, but not quite given in the right way. I think you took it out on someone else, not Screwdriver0815, which isn't really fair.

xArv3nx
October 17th, 2009, 11:36 PM
Also as you (estimated from your posting style) think that you are really really clever.
she's the most annoying person here. besides me, of course. :D

Screwdriver0815
October 17th, 2009, 11:37 PM
FYI, it is totally true that PPAs are unsupported. But it's all right to use them?
another thing: if you get the "clever idea" to maybe delete or change some of your irresponsible postings, I'd say: save your work. This thread is already printed into a pdf file.

Bachstelze
October 17th, 2009, 11:38 PM
another thing: if you get the "clever idea" to maybe delete or change some of your irresponsible postings, I'd say: save your work. This thread is already printed into a pdf file.

You're very funny. :p Why would I do such a thing?

Bachstelze
October 17th, 2009, 11:52 PM
Some more funny facts:

1) The official KDE website (http://kde.org/info/releases.php) advertises KDE 3.5 as "rock stable".

2) No EOL has been announced for KDE 3.5. For all we know, it could very well stil be supported when Hardy will reach its desktop EOL in eighteen months.

NoaHall
October 17th, 2009, 11:55 PM
You're very funny. :p Why would I do such a thing?

Come on, we all know why you would...to make him call you a rabbit or something, so you look better. Although I don't know why calling anyone a rabbit would make anyone look better.

running_rabbit07
October 19th, 2009, 12:51 AM
First I would suspect that a business would be running Ubuntu or Xubuntu, not Kubuntu, being they will want max performance from their machines, not a pretty interface.

Second, If a business is that worried about security and wants to keep KDE, they can easily hire a tech to upgrade the KDE and do whatever work is needed to the kernel to make that work.

Third, For a home system, if you are that worried about security, upgrade to Intrepid, Jaunty, or better yet, Karmic and get over it.

There is plenty of choice, you whould be able to make something work. If it really makes you that mad, there are other alternatives.

stuart.reinke
October 19th, 2009, 02:59 AM
I sure didn't mean to cause such a heated debate. My thought was to recommend 8.04 because it has been out the longest and has had the most bugs found and fixed. I also thought of KDE because I thought he might like it better than Gnome.

I should let him have a look at a Karmic live CD and decide what he wants.

running_rabbit07
October 19th, 2009, 03:11 AM
Hardy is a great choice.